Bug 7.92 bannedip

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   I noticed that the bannedIP bug is still in 7.92 (and 7.95).  In the functions/functions_common.asp, look for Function BannedIP().  The standard coding truncates the User IP variable (strUserIPAddress) to the length of the wildcarded banned IP and doesn't restore the variable to the full IP for future comparisons.  sfd19 provided a very efficient solid fix.  So, the following code should replace the existing function:

'******************************************

'****           Banned IP's             *****

'******************************************

Private Function bannedIP()

     'Declare variables

     Dim rsIPAddr

     Dim strCheckIPAddress

     Dim strUserIPAddress

     Dim blnIPMatched

     'Intilise variable

     blnIPMatched = False

     'Get the users IP

     strUserIPAddress = getIP()

     'Intialise the ADO recordset object

     Set rsIPAddr = Server.CreateObject("ADODB.Recordset")

     'Get any banned IP address from the database

     'Initalise the strSQL variable with an SQL statement to query the database to count the number of topics in the forums

     If strDatabaseType = "SQLServer" Then

          strSQL = "EXECUTE " & strDbProc & "BannedIPs"

     Else

          strSQL = "SELECT " & strDbTable & "BanList.IP FROM " & strDbTable & "BanList WHERE " & strDbTable & "BanList.IP Is Not Null;"

     End If

     'Query the database

     rsIPAddr.Open strSQL, adoCon

     'Loop through the IP address and check 'em out

     Do while NOT rsIPAddr.EOF and NOT blnIPMatched

          'Get the IP address to check from the recordset

          strCheckIPAddress = rsIPAddr("IP")

          'See if we need to check the IP range or just one IP address

          'If the last character is a * then this is a wildcard range to be checked

          If Right(strCheckIPAddress, 1) = "*" Then

              �

              �'Remove the wildcard charcter form the IP

               �strCheckIPAddress = Replace(strCheckIPAddress, "*", "", 1, -1, 1)

              �

              �'See if whats left of the IP matches

              �If strCheckIPAddress = Mid(strUserIPAddress, 1, Len(strCheckIPAddress)) Then blnIPMatched = True

       �

           'Else check the IP address metches     

          Else

              �'Else check to see if the IP address match

              �If strCheckIPAddress = strUserIPAddress Then blnIPMatched = True

          End If

          'Move to the next record

          rsIPAddr.MoveNext

     Loop

     'Clean up

     rsIPAddr.Close

     Set rsIPAddr = Nothing

     'Return the function

     bannedIP = blnIPMatched

End Function

Most importantly, the function will do a proper IP address comparison, but the change above also stops checking the list after the first match, which could save time and processor resources.

EDIT 10/24/2005: corrected "strCheckIP Address" to "strCheckIPAddress" and removed extraneous "&nbs p;".

Edited by JJLatWebWiz - 24 October 2005 at 12:22pm